Quick Read
AI Agents and Salesforce Security: What the Drift Attack Reveals
September 10, 2025

In August, attackers exploited vulnerabilities in the Salesloft Drift AI chatbot, compromising OAuth tokens and exposing data in Salesforce, Google Workspace, and other connected systems.
The breach wasn’t abstract. Threat actors primarily targeted Salesforce support cases, stealing the contents to harvest credentials, authentication tokens, and other secrets often shared in tickets. That gave attackers a path into sensitive systems well beyond Salesforce itself. More than 700 organizations, including major security firms, confirmed impact. In response, Salesloft revoked access tokens and pulled Drift from the Salesforce AppExchange.
How West Monroe Can Help
As a long-time Salesforce partner and cybersecurity leader, we’re ready to step in quickly. That means helping impacted organizations revoke compromised access, get to the source of what happened, and secure critical integrations before issues cascade.
But our role doesn’t stop at remediation. We partner with clients to strengthen Salesforce environments for the future, whether that’s auditing AI-driven integrations, tightening identity and access controls, or building rapid-response playbooks. The goal: ensure your Salesforce ecosystem is more resilient as agentic AI becomes mainstream.
Securing Salesforce as Agentic AI Expands
AI agents are becoming embedded in Salesforce workflows—making security more complex and more critical. Here are five priorities to get right, and how we help clients put them into practice:
- Enforce least privilege: Limit OAuth and app permissions to what’s necessary. We help by auditing existing roles, removing excess access, and setting up governance processes to prevent over-permissioning over time.
- Know what’s connected: Many companies don’t have a full picture of every AI or third-party integration. We build inventories of connected apps and uncover hidden or unused integrations before attackers do.
- Log and monitor agent activity: It’s not enough to trust system logs. We configure monitoring for anomalous behaviors—like unusual API calls or mass queries—and integrate alerts into security operations.
- Protect sensitive support data: Customer case data often includes passwords or keys. We help clients automate redaction and encryption within Salesforce so this data doesn’t become an attacker’s entry point.
- Plan for rapid response: Breaches are inevitable—but cascading impact doesn’t have to be. We help develop and test incident response plans so they are practiced proactively.
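As an added illustration of the "Protect sensitive support data" priority (example code written for this page, not West Monroe's or Salesforce's own), the Python sketch below masks likely secrets in support-case text before it is stored. The patterns, the function names and the sample case are assumptions constructed for the example; the Salesforce token shape in particular is an assumed format.

```python
import re

# Illustrative patterns only (assumptions, not a complete secret taxonomy).
# A pattern with a capture group redacts just the group; otherwise the whole match.
PATTERNS = [
    ("aws_access_key_id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("bearer_token", re.compile(r"(?i)\bbearer\s+([A-Za-z0-9._~+/-]{20,}=*)")),
    # Assumed shape: 15-character org ID starting with 00D, then "!" and the token body.
    ("salesforce_session", re.compile(r"\b00D[A-Za-z0-9]{12}![A-Za-z0-9._]{20,}")),
    ("private_key_block", re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S)),
    ("labelled_secret", re.compile(
        r"(?i)\b(?:password|passwd|pwd|secret|api[_ -]?key|token)\b\s*(?:is|[:=])\s*(\S+)")),
]

# Constructed sample case body; every value in it is fake.
SAMPLE_CASE = (
    "Customer reports sync failing. They pasted their config:\n"
    "aws key AKIAABCDEFGHIJKLMNOP and password: Sup3rS3cret!\n"
    "Header used was Authorization: Bearer abcdefghijklmnopqrstuvwxyz012345\n"
)

def find_secrets(text):
    """Return sorted, non-overlapping (start, end, kind) spans of likely secrets."""
    hits = []
    for kind, rx in PATTERNS:
        for m in rx.finditer(text):
            start, end = m.span(1) if rx.groups else m.span(0)
            hits.append((start, end, kind))
    hits.sort()
    merged = []
    for start, end, kind in hits:
        if merged and start < merged[-1][1]:
            # Two patterns hit the same text: keep one span covering both.
            prev_start, prev_end, prev_kind = merged[-1]
            merged[-1] = (prev_start, max(prev_end, end), prev_kind)
        else:
            merged.append((start, end, kind))
    return merged

def redact(text):
    """Return (redacted_text, kinds_found); kinds can feed an alert or audit log."""
    findings = find_secrets(text)
    out = text
    for start, end, kind in reversed(findings):  # right to left keeps offsets valid
        out = out[:start] + f"[REDACTED:{kind}]" + out[end:]
    return out, [kind for _, _, kind in findings]

if __name__ == "__main__":
    print(redact(SAMPLE_CASE)[0])
```

Pattern matching of this kind misses secrets that carry no recognizable prefix or label, so it complements rather than replaces restricting who and what can read case bodies.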
Authors: Andrew Gaeckle, Christina Powers, Nathan Beu